Hello Cabal Devs,
Since the recurring topic of software licenses is being discussed on
haskell-cafe again, I was wondering what the .cabal license-field should
be for packages linking _directly_ to C-libraries, such as Haskell
language bindings to C-libraries.
To be more specific: As a side-effect of the ongoing discussion, Michael
Snoyman implemented a web-based tool for computing the transitive
license multiset[1] which made me wonder whether the .cabal license
field should describe only the license of the source code proper
distributed with the package or whether it should also take into account
the licenses of the wrapped/linked libraries?
E.g.
* http://hackage.haskell.org/package/hfann is advertised as BSD3, but
the FANN library[2] is actually LGPL.
* http://hackage.haskell.org/package/igraph is advertised as BSD3 but
the underlying igraph library is GPL2+ [3].
In these cases Michael's license-tool has no chance to report reliable
information about the involved licenses, as the LGPL/GPL license is not
mentioned in the cabal meta-data.
In order to help describe cabal package's licenses more accurate, would
it be conceivable to have either
a) the license field take a list of licenses,
b) in case of FFI bindings, set the license field to the more
restricting license type, or
c) introduce an additional field 'x-license' for specifying the
external non-Haskell library's license?
PS: A separate but related issue was raised in the haskell-cafe
discussion: Many packages depend on the cpphs library as a hack,
although they only need the cpphs executable (and therefore don't
link against the cpphs package). This also skews the result that
tools like [1] report, as the cpphs library is LGPLed which doesn't
matter if only the cpphs executable was actually used for building
the package.
[1]: http://packdeps.haskellers.com/licenses
[2]: http://leenissen.dk/fann/wp/
[3]: http://igraph.sourceforge.net/license.html
Cheers,
hvr